Warning: Permanently added '10.128.1.89' (ED25519) to the list of known hosts. 2025/02/18 02:27:57 ignoring optional flag "sandboxArg"="0" 2025/02/18 02:27:57 ignoring optional flag "type"="gce" 2025/02/18 02:27:57 parsed 1 programs 2025/02/18 02:27:58 executed programs: 0 [ 56.928974][ T2165] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.783559][ T2583] loop0: detected capacity change from 0 to 4096 [ 60.817033][ T2583] ntfs3(loop0): ino=22, "file0" ntfs_rename [ 60.865544][ T2586] loop0: detected capacity change from 0 to 4096 [ 60.895034][ T2586] ================================================================== [ 60.903290][ T2586] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x4e/0x130 [ 60.911917][ T2586] Read of size 8 at addr ffff8880704cde00 by task syz-executor.0/2586 [ 60.920229][ T2586] [ 60.922753][ T2586] CPU: 0 UID: 0 PID: 2586 Comm: syz-executor.0 Not tainted 6.14.0-rc3-syzkaller #0 [ 60.922760][ T2586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 60.922765][ T2586] Call Trace: [ 60.922773][ T2586] <TASK> [ 60.922785][ T2586] dump_stack_lvl+0x108/0x280 [ 60.922797][ T2586] ? __pfx_dump_stack_lvl+0x10/0x10 [ 60.922802][ T2586] ? __pfx__printk+0x10/0x10 [ 60.922806][ T2586] ? lock_acquire+0xc2/0x3a0 [ 60.922813][ T2586] ? __pfx_lock_acquire+0x10/0x10 [ 60.922818][ T2586] ? __virt_addr_valid+0x141/0x270 [ 60.922825][ T2586] ? __virt_addr_valid+0x229/0x270 [ 60.922831][ T2586] print_report+0x169/0x550 [ 60.922838][ T2586] ? __virt_addr_valid+0x141/0x270 [ 60.922844][ T2586] ? __virt_addr_valid+0x229/0x270 [ 60.922850][ T2586] ? __list_add_valid_or_report+0x4e/0x130 [ 60.922856][ T2586] kasan_report+0x143/0x180 [ 60.922863][ T2586] ? __list_add_valid_or_report+0x4e/0x130 [ 60.922868][ T2586] __list_add_valid_or_report+0x4e/0x130 [ 60.922873][ T2586] chrdev_open+0x2d6/0x540 [ 60.922880][ T2586] ? __pfx_chrdev_open+0x10/0x10 [ 60.922885][ T2586] ? do_raw_spin_unlock+0x13c/0x8b0 [ 60.922892][ T2586] do_dentry_open+0x6e9/0x1070 [ 60.922899][ T2586] ? __pfx_chrdev_open+0x10/0x10 [ 60.922905][ T2586] vfs_open+0x36/0x290 [ 60.922912][ T2586] path_openat+0x2359/0x2a10 [ 60.922922][ T2586] ? kasan_save_track+0x3f/0x80 [ 60.922927][ T2586] ? __kasan_slab_alloc+0x66/0x80 [ 60.922932][ T2586] ? __pfx_path_openat+0x10/0x10 [ 60.922938][ T2586] ? __lock_acquire+0x61d/0xc70 [ 60.922944][ T2586] ? __lock_acquire+0x61d/0xc70 [ 60.922949][ T2586] do_filp_open+0x274/0x480 [ 60.922953][ T2586] ? __pfx_do_filp_open+0x10/0x10 [ 60.922959][ T2586] ? alloc_fd+0x4ab/0x520 [ 60.922963][ T2586] do_sys_openat2+0xf6/0x180 [ 60.922968][ T2586] ? __pfx_do_sys_openat2+0x10/0x10 [ 60.922972][ T2586] ? rcu_is_watching+0x1f/0xa0 [ 60.922977][ T2586] ? __rseq_handle_notify_resume+0x8b5/0xea0 [ 60.922985][ T2586] __x64_sys_openat+0x20d/0x260 [ 60.922989][ T2586] ? __pfx___x64_sys_openat+0x10/0x10 [ 60.922994][ T2586] do_syscall_64+0x8d/0x170 [ 60.923004][ T2586] ? clear_bhb_loop+0x55/0xb0 [ 60.923009][ T2586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.923013][ T2586] RIP: 0033:0x7f47ad07dea9 [ 60.923022][ T2586] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 60.923026][ T2586] RSP: 002b:00007f47add370c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 60.923035][ T2586] RAX: ffffffffffffffda RBX: 00007f47ad1abf80 RCX: 00007f47ad07dea9 [ 60.923039][ T2586] RDX: 0000000000000000 RSI: 0000000020002140 RDI: ffffffffffffff9c [ 60.923041][ T2586] RBP: 00007f47ad0ca4a4 R08: 0000000000000000 R09: 0000000000000000 [ 60.923044][ T2586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.923047][ T2586] R13: 0000000000000016 R14: 00007f47ad1abf80 R15: 00007ffc15c6b238 [ 60.923050][ T2586] </TASK> [ 60.923052][ T2586] [ 61.217946][ T2586] Allocated by task 2583: [ 61.222430][ T2586] kasan_save_track+0x3f/0x80 [ 61.227094][ T2586] __kasan_slab_alloc+0x66/0x80 [ 61.231954][ T2586] kmem_cache_alloc_lru_noprof+0x1d7/0x440 [ 61.237830][ T2586] ntfs_alloc_inode+0x20/0x70 [ 61.242754][ T2586] alloc_inode+0x57/0x160 [ 61.247134][ T2586] new_inode+0x17/0x1b0 [ 61.251561][ T2586] ntfs_new_inode+0x40/0xd0 [ 61.256570][ T2586] ntfs_create_inode+0x58c/0x32c0 [ 61.261591][ T2586] ntfs_mknod+0x17/0x20 [ 61.265763][ T2586] vfs_mknod+0x26c/0x290 [ 61.270005][ T2586] do_mknodat+0x382/0x4a0 [ 61.274318][ T2586] __x64_sys_mknodat+0xa2/0xc0 [ 61.279132][ T2586] do_syscall_64+0x8d/0x170 [ 61.283692][ T2586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.289674][ T2586] [ 61.292067][ T2586] Freed by task 16: [ 61.295887][ T2586] kasan_save_track+0x3f/0x80 [ 61.300544][ T2586] kasan_save_free_info+0x40/0x50 [ 61.305626][ T2586] __kasan_slab_free+0x59/0x70 [ 61.310380][ T2586] kmem_cache_free+0x17e/0x470 [ 61.315142][ T2586] rcu_core+0xcb3/0x1630 [ 61.319510][ T2586] handle_softirqs+0x1ab/0x580 [ 61.324421][ T2586] run_ksoftirqd+0x28/0x40 [ 61.329264][ T2586] smpboot_thread_fn+0x578/0x7f0 [ 61.334266][ T2586] kthread+0x647/0x750 [ 61.338307][ T2586] ret_from_fork+0x32/0x60 [ 61.342855][ T2586] ret_from_fork_asm+0x1a/0x30 [ 61.347600][ T2586] [ 61.350122][ T2586] Last potentially related work creation: [ 61.356000][ T2586] kasan_save_stack+0x3f/0x60 [ 61.360940][ T2586] kasan_record_aux_stack+0xaa/0xc0 [ 61.366127][ T2586] call_rcu+0x159/0x8e0 [ 61.370351][ T2586] evict+0x79a/0x900 [ 61.374332][ T2586] __dentry_kill+0x196/0x5b0 [ 61.379015][ T2586] shrink_kill+0x29/0xa0 [ 61.383243][ T2586] shrink_dentry_list+0x1b5/0x410 [ 61.388254][ T2586] shrink_dcache_parent+0xb6/0x2a0 [ 61.393336][ T2586] do_one_tree+0x1b/0xd0 [ 61.397567][ T2586] shrink_dcache_for_umount+0x85/0x120 [ 61.403073][ T2586] generic_shutdown_super+0x63/0x260 [ 61.408526][ T2586] kill_block_super+0x3f/0x80 [ 61.413208][ T2586] ntfs3_kill_sb+0x3f/0x1a0 [ 61.417718][ T2586] deactivate_locked_super+0x9f/0x3a0 [ 61.423080][ T2586] cleanup_mnt+0x29f/0x320 [ 61.427574][ T2586] task_work_run+0x20f/0x290 [ 61.432161][ T2586] syscall_exit_to_user_mode+0xa3/0x1b0 [ 61.437947][ T2586] do_syscall_64+0x9a/0x170 [ 61.442636][ T2586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.449129][ T2586] [ 61.451542][ T2586] The buggy address belongs to the object at ffff8880704cd760 [ 61.451542][ T2586] which belongs to the cache ntfs_inode_cache of size 1736 [ 61.466546][ T2586] The buggy address is located 1696 bytes inside of [ 61.466546][ T2586] freed 1736-byte region [ffff8880704cd760, ffff8880704cde28) [ 61.480496][ T2586] [ 61.482803][ T2586] The buggy address belongs to the physical page: [ 61.489767][ T2586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x704c8 [ 61.498876][ T2586] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 61.507364][ T2586] memcg:ffff88800ff5d001 [ 61.511693][ T2586] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 61.519248][ T2586] page_type: f5(slab) [ 61.523210][ T2586] raw: 00fff00000000040 ffff8881452b28c0 dead000000000122 0000000000000000 [ 61.532226][ T2586] raw: 0000000000000000 0000000000110011 00000000f5000000 ffff88800ff5d001 [ 61.541444][ T2586] head: 00fff00000000040 ffff8881452b28c0 dead000000000122 0000000000000000 [ 61.550399][ T2586] head: 0000000000000000 0000000000110011 00000000f5000000 ffff88800ff5d001 [ 61.559120][ T2586] head: 00fff00000000003 ffffea0001c13201 ffffffffffffffff 0000000000000000 [ 61.568108][ T2586] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 61.577301][ T2586] page dumped because: kasan: bad access detected [ 61.583912][ T2586] page_owner tracks the page as allocated [ 61.589631][ T2586] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 2583, tgid 2582 (syz-executor.0), ts 60794774920, free_ts 6356415266 [ 61.612793][ T2586] post_alloc_hook+0x108/0x120 [ 61.617563][ T2586] get_page_from_freelist+0x3229/0x3370 [ 61.623110][ T2586] __alloc_frozen_pages_noprof+0x256/0x650 [ 61.629012][ T2586] alloc_pages_mpol+0x224/0x4e0 [ 61.633852][ T2586] allocate_slab+0x8b/0x350 [ 61.638331][ T2586] ___slab_alloc+0x9f6/0x1130 [ 61.643004][ T2586] kmem_cache_alloc_lru_noprof+0x29a/0x440 [ 61.648998][ T2586] ntfs_alloc_inode+0x20/0x70 [ 61.653658][ T2586] alloc_inode+0x57/0x160 [ 61.657963][ T2586] iget5_locked+0x35/0x80 [ 61.662385][ T2586] ntfs_iget5+0xc2/0x3060 [ 61.666688][ T2586] ntfs_fill_super+0x1f5e/0x3cf0 [ 61.671615][ T2586] get_tree_bdev_flags+0x364/0x520 [ 61.676923][ T2586] vfs_get_tree+0x86/0x1a0 [ 61.681496][ T2586] do_new_mount+0x21e/0x9b0 [ 61.686046][ T2586] __se_sys_mount+0x219/0x2b0 [ 61.690786][ T2586] page last free pid 1 tgid 1 stack trace: [ 61.696564][ T2586] free_frozen_pages+0xb98/0xdf0 [ 61.701515][ T2586] free_contig_range+0x13b/0x3b0 [ 61.706728][ T2586] destroy_args+0x73/0x380 [ 61.711139][ T2586] debug_vm_pgtable+0x456/0x630 [ 61.716054][ T2586] do_one_initcall+0x199/0x570 [ 61.720813][ T2586] do_initcall_level+0x11e/0x1e0 [ 61.725747][ T2586] do_initcalls+0x5b/0xb0 [ 61.730082][ T2586] kernel_init_freeable+0x36a/0x4c0 [ 61.735269][ T2586] kernel_init+0x18/0x1b0 [ 61.739876][ T2586] ret_from_fork+0x32/0x60 [ 61.744283][ T2586] ret_from_fork_asm+0x1a/0x30 [ 61.749066][ T2586] [ 61.751388][ T2586] Memory state around the buggy address: [ 61.757033][ T2586] ffff8880704cdd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.765233][ T2586] ffff8880704cdd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.773276][ T2586] >ffff8880704cde00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc [ 61.781441][ T2586] ^ [ 61.785485][ T2586] ffff8880704cde80: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb [ 61.793520][ T2586] ffff8880704cdf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.801639][ T2586] ================================================================== [ 61.810078][ T2586] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 61.818013][ T2586] Kernel Offset: disabled [ 61.822333][ T2586] Rebooting in 86400 seconds..